Decentralized Approaches for Key Revocation in Cloud Computing A Review

Similar documents
A Secure Decentralized Access Control Scheme for Data stored in Clouds

Attribute Based Encryption with Privacy Preserving In Clouds

Decentralized Access Control Secure Cloud Storage using Key Policy Attribute Based Encryption

Decentralized Access Control Schemes for Data Storage on Cloud

Data Storage Security Based on Decentralized Access Control without Knowing Client s Identity in Cloud

DECENTRALIZED ACCESS CONTROL TO SECURE DATA STORAGE ON CLOUDS

MULTI ATTRIBUTE BASED SECURITY AND KEY DISTRIBUTION FOR SECURE STORAGE IN CLOUDS

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

How To Ensure Data Integrity In Cloud Storage

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Localized Approach Management with Unknown of Accumulation Stored In Cloud Repository

CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

Providing Access Permissions to Legitimate Users by Using Attribute Based Encryption Techniques In Cloud

Data management using Virtualization in Cloud Computing

A New Approach to Data Authentication in Cloud Storage

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Distributed Attribute Based Encryption for Patient Health Record Security under Clouds

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Anonymous access request matching mechanism with security and privacy considerations in Cloud Computing

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Privacy Preserving Public Auditing for Data in Cloud Storage

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

G.J. E.D.T.,Vol.3(1):43-47 (January-February, 2014) ISSN: SUODY-Preserving Privacy in Sharing Data with Multi-Vendor for Dynamic Groups

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Privacy Preservation and Secure Data Sharing in Cloud Storage

Secure Way of Storing Data in Cloud Using Third Party Auditor

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

Keywords: Access Control, Authentication, Attribute-Based Signatures, Attribute-Based Encryption, Cloud Storage.

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

PRIVACY PRESERVING OF HEALTH MONITORING SERVICES IN CLOUD

COMPUSOFT, An international journal of advanced computer technology, 4 (4), April-2015 (Volume-IV, Issue-IV)

ADVANCE SECURITY TO CLOUD DATA STORAGE

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption.

How To Ensure Correctness Of Data In The Cloud

Improve Access Policy Using Role Based System In Cloud Database

KEY-POLICY ATTRIBUTE BASED ENCRYPTION TO SECURE DATA STORED IN CLOUD

Ranked Keyword Search Using RSE over Outsourced Cloud Data

AN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA

SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

Categorical Heuristic for Attribute Based Encryption in the Cloud Server

Improving data integrity on cloud storage services

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction

Index Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing.

ASSURANCE OF PATIENT CONTROL TOWARDS PERSONAL HEALTH DATA

Key Distribution Centre with Privacy Preserving Authentication Data Storage in Clouds

Securing Personal Health Records in Cloud Utilizing Multi Authority Attribute Based Encryption

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

Enabling Public Auditing for Secured Data Storage in Cloud Computing

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

AN EFFICIENT AUDIT SERVICE OUTSOURCING FOR DATA IN TEGRITY IN CLOUDS

PUBLIC ANALYZING FOR SHARED AND SECURE INFORMATION STORAGE IN CLOUD USING STEGANOGRAPHY

Near Sheltered and Loyal storage Space Navigating in Cloud

Secure Multi Authority Cloud Storage Based on CP- ABE and Data Access Control

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage

Public Auditing for Shared Data in the Cloud by Using AES

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION

To Provide Security & Integrity for Storage Services in Cloud Computing

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

A Secure and Dependable Cloud Storage Service in Cloud Computing

Survey on Efficient Information Retrieval for Ranked Query in Cost-Efficient Clouds

PERFORMANCE OF BALANCED STORAGE SERVICES IN CLOUD SYSTEM

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment

Implementation of Role Based Access Control on Encrypted Data in Hybrid Cloud

Analysis of Secure Cloud Data Sharing Within a Group

Secure Data Sharing in Cloud Computing using Hybrid cloud

PRIVACY ASSURED IMAGE STACK MANAGEMENT SERVICE IN CLOUD

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud

An Efficiency Keyword Search Scheme to improve user experience for Encrypted Data in Cloud

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System

A Review of Cloud Environment and Recognition of Highly Secure Public Data Verification Architecture using Secure Public Verifier Auditor

International Journal of Advance Research in Computer Science and Management Studies

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

SECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING

SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING

Security over Cloud Data through Encryption Standards

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

COMPUSOFT, An international journal of advanced computer technology, 3 (6), June-2014 (Volume-III, Issue-VI)

Development of enhanced Third party Auditing Scheme for Secure Cloud Storage

Dynamic Query Updation for User Authentication in cloud Environment

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) PERCEIVING AND RECOVERING DEGRADED DATA ON SECURE CLOUD

Privacy Preserving Access Control with Authentication for Securing Data in Clouds

Hey! Cross Check on Computation in Cloud

Cloud Data Service for Issues in Scalable Data Integration Using Multi Authority Attribute Based Encryption

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud

Single Sign-On Secure Authentication Password Mechanism

A Novel Frame Work For Cloud Computing Security By Using Abe

A Survey on Privacy-Preserving Techniques for Secure Cloud Storage

SECURITY STORAGE MODEL OF DATA IN CLOUD Sonia Arora 1 Pawan Luthra 2 1,2 Department of Computer Science & Engineering, SBSSTC

Data Grid Privacy and Secure Storage Service in Cloud Computing

A Proxy-Based Data Security Solution in Mobile Cloud

Privacy preserving technique to secure cloud

Transcription:

Decentralized Approaches for Key Revocation in Cloud Computing A Review Mr.M.Newlin Rajkumar 1, Ms. P. Lakshmi Rekha 2, Dr.V.Venkatesa Kumar 3, Mr. P. Loganathan 4 Computer Science and Engineering 1, 2, 3, 4 1, 2, 3, 4, Anna University Regional Center, Coimbatore Email: newlin_rajkumar@yahoo.co.in 1, lakshmirekhame@gmail.com 2 Abstract- Cloud Computing is a sort of computing that depends on computing resources instead of having related servers or Personal devices to handle applications. Cloud Computing is similar to the grid Computing, a kind of computing wherever unused processor cycles of all computers in networks are a unit harness to unravel issues too intensive for Any complete machine. In this proposes a privacy conserving accessible strategy for Knowledge storage that supports anonymous authentication and performs suburbanized key management. Within the planned strategy, the cloud adopts Associate degree access management policy and attributes concealing Strategy to reinforce security. This new strategy any prevents replay attacks And supports secure and economically dynamic operation on knowledge Blocks, including: information update, creation, modification and reading Knowledge hold on within the cloud. Moreover, the authentication and access management secret is suburbanite and strong, in contrast to alternative access management schemes designed for clouds that are a unitary centralized. Use additionally offer choices for file recovery. Intensive security and performance process demonstrate that the planned scheme is very economical and resilient against replay attacks. User cancelling and access control policies extremely contributes to avoid abuse of cloud services and shared technology problems. Index Terms- Access Control, Authentication, Access Policy, Attributes 1. INTRODUCTION Cloud Computing is that the rising technology wherever we've an inclination to unit able to get code as a service. Once it involves storage as a service, information privacy and information utilization area unit the first problems to be handled. To handle the dealings of files to and from the cloud server, the files are a unit encrypted before being outsourced to the business public cloud. The storage holds the pertinent knowledge and data to function on however; they're going to be enforced. Improvement of storage is predicated on however the storage facility shielded from different attacks and accessibility of back-up. Cloud computing always regards consistency and accessibility of service that will naturally need the storage to be obtainable all the time. Much of the information keeps in clouds is extremely sensitive, for example, medical records and social networks. Secure storage and privacy are a unit so vital problems with cloud computing. In one hand, the user ought to demonstrate itself before initiating any dealings, and on the opposite hand, it should be ensured that the cloud or different users don't understand the identity of the user. The cloud will hold the user in charge of the information it outsources, and likewise, the cloud itself in charge of the services it provides. The validity of the owner WHO stores the information is additionally verified. With the exception of the technical solutions to ensure security and privacy, there's conjointly a requirement for law enforcement. Cloud servers are a unit vulnerable to Byzantine failure, wherever a storage server will fail in absolute ways that. The cloud is additionally at risk of information modification and server colluding attacks. In server colluding attack, the appraiser will compromise storage servers, so it will modify at risk of files as long as they're internally consistent. To generate secure information storage, the information has to be encrypted. However, the information is commonly changed and this dynamic property has to be taken into consideration whereas planning economical secure storage techniques. A public cloud is one supported the quality cloud computing model, within which a service supplier makes resources, such that applications and storage, out there to the final public over the net. Public cloud services could also be free or offered on a pay-per-usage model. A private cloud may be an explicit model of cloud computing that involves a definite and secure cloud based mostly surroundings within which solely the desired consumer will operate. Like different cloud models, non-public clouds can offer computing power as a service among a virtualized setting victimization Associate in a nursing underlying pool of physical computing resource. However, beneath the non-public cloud model, the cloud (the pool of resource) is simply accessible by one organization providing that organization with larger management and privacy. 159

Hybrid cloud is a composition of 2 or additional clouds (private, community or public) that stay distinctive entities, however, are a unit certain along, giving the advantages of multiple readying models. By utilizing "hybrid cloud computing" design and people are a unit able to acquire degrees of fault tolerance combined with regionally immediate usability while not depending on internet things. Hybrid cloud design needs each on-premises resources and off-site (remote) server-based cloud infrastructure. strategy uses a parallel key approach and doesn't support authentication. Earlier work provides privacy conserving documented access control in the cloud. However, the creator takes a centralized approach wherever single key distribution center (KDC) distributes secret keys and attributes to all or any users. Sadly, one KDC isn't solely a single purpose of failure, however difficult to take care of, attributable to a sizable amount of users that are supported during a cloud surroundings. Efficient search on encrypted information is additionally a very important concern in clouds. The clouds mustn't recognize the question, however, ought to be ready to come back the records that satisfy the question. This can be achieved by means that of searchable encoding. Access control in clouds is gaining attention as a result of it's necessary that solely approved users have access to valid service. A large quantity of data is being held on within the cloud, and fear of this can be sensitively data. Access control has additionally gained importance in online social networking wherever users (members) store their personal data, pictures, videos and share them with choosing groups of users or communities they belong to. It's not simply enough to store the contents securely within the cloud however it would even be necessary to confirm obscurity of the user. As an example, a user would really like to store some sensitive data, however doesn't need to be recognized. The user may need to post a touch up on a piece, however, doesn't need his/her identity to be disclosed. However, the user ought to be ready to convince the opposite users that he/she could be a valid user who keep the data while not revealing the identity. Existing work on access management in the cloud is a centralized unit in nature. Though some localized approaches were planned doesn't support authentication. Earlier work provides privacy conserving documented access control in the cloud. However, the creator takes a centralized approach wherever one key distribution center (KDC) distributes secret keys and attributes to all or any users. 2. ARCHITECTURES 2.1. Existing Architecture The pictorial summary of the prevailing design is represented in Fig. 1. Existing access control design in cloud square measure centralized in nature. The Fig. 1. Single KDC architecture Therefore, emphasize that clouds ought to take a localized approach, whereas distributing secret keys and attribute to users. It's conjointly quite natural for clouds to own could KDCs in several locations within the world. KDCs are localized in order to manage the big variety of clouds wherever single KDCs weren't capable of managing it. 2.2. Proposed Architecture The Single KDC design with no anonymous authentication makes it additional sophisticated and it conjointly, will increase the storage overhead at the single KDC. The pictorial summary of the localized KDC is represented in Fig. 2. The proposed localized design, additionally certify users, who need to remain anonymous whereas accessing the cloud. Have a tendency to plan a distributed access control mechanism in clouds. Within the preliminary version of this paper, tend to extend the previous work with further features that allows to certify the validity of the message while not revealing the identity of the user who has held on data within the cloud. 160

In this paper, would tend to conjointly address user revocation. And use attributes primarily based signature strategy to realize credibility and privacy. This scheme is immune to replay attacks, within which user will replace recent information with stale information from previous write, even though it now not has valid claim policy. This can be a very important property as a result of a user, revoked of its attributes, would possibly no longer be ready to write to the cloud. The planned design consists of the subsequent modules. The decentralized Key Distribution Centre design here considers two KDCs. Here used the Paillier Cryptosystem rule to realize credibility and privacy. The Paillier cryptosystem rule is employed for encryption and decryption method. During this work, user revocation was self-addressed. Once User tries to beat his access authority illegally, then his entry access in the cloud is going to be denied. Once a User is revoked then he will never enter into the cloud surroundings. The corrupted Files are often recovered exploitation File recovery options. When the content during a file is lost or corrupted it may be recovered exploitation String match algorithm utilized in File recovery work. 2.3. System Architecture The representation of the general flow of the proposed design is represented in Fig. 2a. The user can send request to the third Party Authenticator (TPA) for Registration. TPA is considered as sure entity and verifies whether or not the user is valid user or not. TPA verifies the User on the basis of the registration details. Once the user is taken into account as valid user then TPA provides the token to the User and user receiving the token from Third Party Authentication, User goes to the KDC for keys. There are multiple KDCs (here 1), which might be scattered. Key Distribution Centers that are decentralized give keys to differing kinds of user when obtaining tokens from users. Exploitation the keys received from the KDC, one User will transfer his move into the cloud setting. Separate keys are provided for uploading and downloading the files. 2.3.1 TPA Fig. 3. Decentralized KDC architecture. TPA is considered as fidelity entity and verifies whether a User is valid user or not. TPA proves the User on the basis of the registration information. Once the user is assigned as valid user then TPA provides the token to the User. 2.3.2 The User sends Message to TPA The user Register the his/her resource identity and enlist with the third party authenticator. The user sends the request to third party authenticator for registration. 2.3.3 User Revocation It is a widely known difficult downside to revoke users/attribute with efficiency in ABE. There is a unit two categories of ABE as Key Policy ABE and Cipher Policy ABE. During this module CRUD operations are a unit performed. Whenever the misbehavior is detected upon a user his key's revoked and the user will never use or move into the cloud. Users will select and enforce their own access policy It's a widely known difficult downside to revoke users/attributes with efficiency in ABE. There are two categories of ABE as Key Policy ABE and Cipher Policy ABE. During this module CRUD operations are performed. Whenever the misbehavior is detected upon a user his key's revoked and the user will never use or get into the cloud. Others will opt for and enforce their own access policy for every file, and may revoke a user while not involving high overhead. Fig. 2. Decentralized KDC architecture. 161

for every file, and might revoke a user while not involving high overhead. 2.3.4 TPA Policy Invention The TPA forward with a sign or token provides the Regulation and algorithms to be enabled by inventor, reader, Writer. 2.3.5 User Transfer Data/File From System The data /File Inventor after getting the accurate Authentication encrypts the data or file and transfer his/her files in the cloud environment. 2.3.6 File Recovery The Corrupted Files are often recovered exploitation File recovery choices. The lost information will be recovered exploitation String match rule utilizing the backup files already hold on. String Match rule performs exploitation Preprocessing steps. Preprocessing is performed by either preprocessing on P or Preprocessing on T. 2.3.7 Key Distribution Center Key Origination The Key Distribution Center is a unit decentralized and provides different keys to different kind of users after getting the Sign or token for the user. 2.3.8 Key Get Back Whenever they're improper deleted being above a user his/her key is revoked and that limited user can neither use or re-enter the cloud environment. 2.3.9 Cloud Administration Monitors the key generation policies and informs up normal behavior through the key distribution center and third party authentication. 3. Conclusion The cloud authenticates the user by confirming the credential s even while not knowing the initial identity of the user. Use additionally address the user revocation and my scheme prevents replay attacks. Key distribution is completed during a decentralized approach. The individual user s access policy is being hidden and noted, solely to every specific user. The whole history of the User isn't placed public cloud. So as to reinforce the authentication Paillier Cryptosystem rule is employed for encryption and decryption. This project will overcome the highest threats in clouds that are known recently. The threats which will be overcome are information loss, insecure APIs, Denial of Services, abuse of cloud services, shared technology difficulties. Once an information loss or corruption of the content during a file occurs, Fig. 4. Comparison with other access control schemes 162

it is often recovered exploitation File recovery choices. The String max Algorithm is employed for file recovery. Once if a user accidentally tries wrong access then he is going to be denied for all times. Thus User Revocation are often increased in future. The file recovery is performed exploitation backup file storage that consumes heap of memory usage. This could even be increased in future. REFERENCES [1] Sushmita Ruj, Milos Stojmenovic, Amiya Nayak, "Decentralized Access Control with Anonymous Authentication for Securing Data in Clouds,"IEEE Transactions on Parallel and Distributed Systems, pp. 1045-9219, 2013. [2] S. Raj, M. Stojmenovic and A. Nayak, Privacy Preserving Access Control with Authentication for Securing Data in Cloudsǁ, IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, pp. 556 563, 2012. [3] C. Wang, Q. Wang, K. Ren, N. Cao and W. Lou, Toward Secure and Dependable Storage Services in Cloud Computingǁ, IEEE T. ServicesComputing, vol. 5, no. 2, pp. 220 232, 2012. [4] J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, Fuzzy keyword search over encrypted data in cloud computing, ǁ in IEEE INFOCOM., pp. 441 445, 2010. [5] S. Kamara and K. Lauter, Cryptographic cloud storage,ǁ in Financial Cryptography Workshops, ser. Lecture Notes in Computer Science, Vol. 6054. Springer, pp. 136 149, 2010. [6] H. Li, Y. Dai, L. Tian, and H. Yang, Identitybased authentication for cloud computing,ǁ in CloudCom, ser. Lecture Notes in Computer Science, vol. 5931. Springer, pp. 157 166, 2009. [7] C. Gentry, A fully homomorphic encryption scheme,ǁ Ph.D. dissertation, StanfordUniversity, 2009, http://www.crypto.stanford.edu/craig. [8] A. -R. Sadeghi, T. Schneider, and M. Winandy, Token-based cloud computing,ǁ in TRUST, ser. Lecture Notes in Computer Science, vol. 6101.Springer, pp. 417 429, 2010. [9] R. K. L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. S. Lee, Trustcloud: A framework for accountability and trust in cloud computing, ǁ HP Technical Report HPL-2011-38. Available at http://www.hpl.hp.com/techreports/2011/hpl- 2011-38.html. [10] R. Lu, X. Lin, X. Liang, and X. Shen, Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing, ǁ in ACM ASIACCS, pp. 282 292, 2010. [11] D. F. Ferraiolo and D. R. Kuhn, Role-based access controls, ǁ in 15th National Computer Security Conference, 1992. [12] A B Lewko and B Waters, Decentralizing attribute based encryptionǁ, Springer 2011. [13] K. Yang, X. Jia, and K. Ren, DAC-MACS: Effective Data Access Control for Multi- Authority Cloud Storage Systems, IACR Cryptology eprint Archive, p. 419, 2012 [14] M. Green, S. Hohenberger, and B. Waters, Outsourcing the Decryption of ABE Ciphertexts, Proc. USENIX Security Symp., 2011 [15] H.K. Maji, M. Prabhakaran, and M. Rosulek, Attribute-Based Signatures, Topics in Cryptology - CT-RSA, vol. 6558, pp. 376-392, 2011. [16] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-Policy Attribute-Based Encryption, Proc. IEEE Symp. Security and Privacy, pp. 321-334, 2007. [17] D.R. Kuhn, E.J. Coyne, and T.R. Weil, Adding Attributes to Role-Based Access Control, IEEE Computer, vol. 43, no. 6, pp. 79-81, June 2010. 163

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information